How To Avoid Your Passwords Being Cracked

Many sites you frequently visit these days require a password in order to enter. That’s because there usually is some form of confidential information stored behind these password protected pages.

But passwords can be cracked, so if you want to KEEP that information confidential, you’d better use a good and strong password.

And that certainly applies to your most important online accounts like bank or other money accounts. To a certain extent, I can understand (not agree!) why people want to have access to your PayPal or bank account, since there’s money to get. Greed and an easy way to make money is their motive.

cracks
Photo Credit: Mel B.

But otherwise, I have NO idea why people would like to crack password for things like blogs and web2.0 sites, other than the morbid delight of destruction.

But it happens!

I had it happen to this very blog last month. Using brute force (see below).
So the lesson here is to defend your Cpanel, blog, bank and all other accounts with strong passwords that are hard to crack.

Now, I’m NOT a security specialist. All I can do is try to explain this matter in my own layman’s words and that’s what I do below.

Suppose I used a ONE character password to protect my site and that one character could only consist of the letters a to z. That would give me 26 possibilities to create my password.

If someone wanted to crack that password, all this person had to do is fill in each letter on my login page and hit submit. Including the response time this requires, this can be done at a pace of 3 times per minute. On average it requires 13 tries to find the password, so that only takes less than 5 minutes.

Now suppose I add another character to my password. Then the total number of possible combination would increase drastically, since for every character in the first position, there are 26 possibilities in the second one. Total number of combinations: 26 x 26 = 676. The average time required to find my password would become 338 / 3 = 112 minutes.

When we allow to have numbers in our password, the possibilities per character would be 36 and the total number of possible combinations when using 2 characters would be 36 x 36 = 1,296. Average time to find my password: 648 / 3 = 216 minutes.

Finally, when we also allow all letters to be in capitals, that adds another 26 options per character. So now the total number of possible combinations for a 2 character password becomes 62 x 62 = 3,844. Average time to find my password: 640 minutes!

If we would allow for more characters to be included in the password, the figures will be:

# Chars. Possible Combinations Average # minutes needed to crack password
3 238.328 39.721
4 14.776.336 2.462.723
5 916.132.832 152.688.805

 

See how the column at the right increases drastically?
THAT’S all you have to remember from this exercise.

Of course anyone doing this would be a fool, because we have computers to do things like this. And hackers and crackers use computer programs to do this. Their software starts at the left most character with ‘a’ and work their way to the most right character, scanning all combinations possible.
That is called ‘brute force’.

But for computers the same effect applies. The more options per character and the more characters used, the more difficult it becomes to find the right password combination.
Therefore, it’s wise to use at least 8 characters in your password, using a combination of upper and lower letters and numbers.

So the name of your little sister simply won’t do! Nor does the name of anyone else. You also need to include numbers and, if allowed, special characters.

If you use names, then at least don’t use names that are easy to guess. Use at least one capital and also add a number. A great way to combine everything is to replace an ‘a’ by 1 and a 1 by ‘a’. That makes names more difficult to find.

IF it’s allowed, you can also add special characters to your passwords, or even add a space, so you can make your password a phrase. Which, in general, is easier to remember.

But the fewer characters allowed, the longer your password should be!

If you’re really good in math, you can see from the table above that a 15 character password only containing letters is stronger than an 8 character password containing all possible characters on your keyboard, simply because the total possible number of combinations depends on the power of the number of characters in your password.

It’s also very wise to periodically change your password using the information above. Doing so avoids all possible hacks or cracks of your passwords since anyone on their way to compromise your passwords would have to start all over again.

Here’s an online password checker where you can see how strong your password is. There are more available, just google the phrase ‘password checker’.

Remember this:
– the more variety in possible characters, the better and
– the longer your password, the harder to crack.

Don’t let it happen to you. Avoid having your passwords cracked.

Had a similar experience or want to react to this post?
Leave your comments below.




Share this post using these icons:
Facebooktwittergoogle_pluslinkedinmail

Related Posts

 

5 thoughts on “How To Avoid Your Passwords Being Cracked

  1. Teeg says:

    Thanks for the reminder, Clay! My office used to have one of those 4 button door locks on it and I had to tell my boss to use two numbers at once, otherwise it would only take a minute or less to figure out the passcode.

    I tend to forget it with passwords though, primarily because they drive me up the wall sometimes.

    I know one reason people try to break any passwords they can, but it’s certainly not the only reason. Many people have a habit of using the same password on every site. So if they figure your password for your blog, they might can also get into your paypal account, bank account, etc. I learned my lesson the hard way, after someone broke into a forum I was on and I didn’t think to change paypal before they could get to it too. Luckily paypal and my bank worked with me so that we weren’t out anything, but it was a scary couple of days.

  2. Raymond Chua says:

    I prefer a combination of alphabet and numbers. It produced more possibilities and thus make the password stronger. 🙂

  3. Teeg says:

    @Case LOL I have no idea. Have I mentioned that I have a 5 year old and am usually trying to type around his chatter? Still, very embarrassed! (insert blushing emoticon here).

    Te-ge 🙂

  4. Case Stevens says:

    Thanks for all the responses guys. Proves that this IS an important matter that should not be taken lightly!

    @Teeg Who’s Clay?

    @Blain Thanks, these may be helpful tools.
    It’s a nice report you offer, you only have to do some lay-out work for the lines with the bigger fonts. They don’t display well.

    I wouldn’t recommend anyone to fool around with brute force protection scripts, if at all possible, if you don’t know exactly what you’re doing.

  5. Catering Supplies says:

    Great tips and thank you for the tool. I checked my passwords and they are good. I do need to start changing them every so often but I have so many places that I think I would get confused. I will try though so I don’t get hacked. Thanks for the tips.

Comments are closed.